SecuriTeamDetails
This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).
Vulnerable Systems:
WordPress version 5.3.4
WordPress version 5.2.7
WordPress version 5.1.6
WordPress version 5.0.10
WordPress version 4.9.15
WordPress version 4.8.14
WordPress version 4.7.18
WordPress version 4.6.19
WordPress version 4.5.22
WordPress version 4.4.23
WordPress version 4.3.24
WordPress version 4.2.28
WordPress version 4.1.31
WordPress version 4.0.31
WordPress version 3.9.32
WordPress version 3.8.34
WordPress version 3.7.34
CVE Information:
Disclosure Timeline:
Published Date:6/12/2020
Beyond Security
